sql injection fix - ported back to trunk from branches/2.3 ...

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1326 a1433add-5e2c-0410-b055-b7f2511e0802
David Goodwin 13 years ago
parent 51ddbd2f2e
commit 1a9104cab4

@ -123,11 +123,9 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
{ {
while ($row = db_assoc ($result['result'])) while ($row = db_assoc ($result['result']))
{ {
foreach ($row as $key=>$val) $fields = array_keys($row);
{ $values = array_values($row);
$fields[] = $key; $values = array_map('escape_string', $values);
$values[] = $val;
}
fwrite ($fh, "INSERT INTO ". $tables[$i] . " (". implode (',',$fields) . ") VALUES ('" . implode ('\',\'',$values) . "');\n"); fwrite ($fh, "INSERT INTO ". $tables[$i] . " (". implode (',',$fields) . ") VALUES ('" . implode ('\',\'',$values) . "');\n");
$fields = ""; $fields = "";
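Review bot: Every value is still wrapped in single quotes by the `implode ('\',\'',$values)` in the `fwrite` line, so a NULL column appears to be dumped as `''` and numeric columns as quoted strings; restoring the backup would then not reproduce the original rows exactly. It would also help to document why the new `array_map('escape_string', $values)` is there, e.g. `// row values are stored user data that is replayed as SQL on restore, so escape each one`. The column names from `array_keys($row)` and the table name `$tables[$i]` are still concatenated unquoted, which is presumably fine while they come only from the schema, but a comment stating that assumption would make it reviewable. The enclosing `while` loop and `if` block start outside the hunk.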
